Skip to main content
SpringerLink
Log in

Spear Phishing Using Machine Learning

  • Conference paper
  • First Online:
Advances in Computing and Data Sciences (ICACDS 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1848))

Included in the following conference series:

  • 366 Accesses

Abstract

In this digital age, personal data is more valuable than an actual human being. It corresponds to a person’s daily internet activity. Open-source intelligence can be used to collect data in a variety of ways, which is later put to use for social engineering attacks. The purpose of this paper is to assess the level of data that is freely available online and its potential consequences for personal privacy. This paper discusses the use of machine learning algorithms and tools for automating email phishing attacks. The personal data of the victim is gathered from open-source websites in order to analyze their online activity. This information is then analyzed in an attempt to learn more about the victim’s interests and a relevant email template is created based on this information. The machine learning algorithm is then provided with the constructed template, which predicts how successful a phishing attack would be if launched. This paper uses a machine learning algorithm that is composed of support vector machines (SVM) and logistic regression (LR). This hybrid algorithm, which is a combination of SVM and logistic regression, achieves a peak accuracy of 99.69% when compared to using only one type of classification method, such as SVM or LR. The purpose of this paper is to increase the effectiveness of phishing attacks by automating the data extraction process and to analyse the success rate of attack using machine learning before launching it. This paper will serve the interests of institutions/companies by providing a convenient way to conduct automatic phishing as part of Cyber-Security training to educate employees, giving them a practical experience of social engineering attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alsariera, Y.A., Adeyemo, V.E., Balogun, A.O., Alazzawi, A.K.: AI meta-learners and extra-trees algorithm for the detection of phishing websites. IEEE Access 8, 142532–142542 (2020). https://doi.org/10.1109/ACCESS.2020.3013699

    Article  Google Scholar 

  2. Peng, T., Harris, I., Sawa, Y.: Detecting phishing attacks using natural language processing and machine learning. In: 2018 IEEE 12th International Conference on Semantic Computing (ICSC), pp. 300–301 (2018). https://doi.org/10.1109/ICSC.2018.00056

  3. Lee, J., Lee, Y., Lee, D., Kwon, H., Shin, D.: Classification of attack types and analysis of attack methods for profiling phishing mail attack groups. IEEE Access 9, 80866–80872 (2021). https://doi.org/10.1109/ACCESS.2021.3084897

    Article  Google Scholar 

  4. Feng, J., Zou, L., Ye, O., Han, J.: Web2Vec: phishing webpage detection method based on multidimensional features driven by deep learning. IEEE Access 8, 221214–221224 (2020). https://doi.org/10.1109/ACCESS.2020.3043188

    Article  Google Scholar 

  5. Kunju, M.V., Dainel, E., Anthony, H.C., Bhelwa, S.: Evaluation of phishing techniques based on machine learning. In: International Conference on Intelligent Computing and Control Systems (ICCS), pp. 963–968 (2019). https://doi.org/10.1109/ICCS45141.2019.9065639

  6. Khonji, M., Iraqi, Y., Jones, A.: Phishing detection: a literature survey. IEEE Commun. Surv. Tutorials 15(4), 2091–2121 (2013). https://doi.org/10.1109/SURV.2013.032213.00009

    Article  Google Scholar 

  7. Baig, M.S., Ahmed, F., Memon, A.M.: Spear-phishing campaigns: link vulnerability leads to phishing attacks, spear-phishing electronic/UAV communication-scam targeted. In: 2021 4th International Conference on Computing & Information Sciences (ICCIS), pp. 1–6 (2021). https://doi.org/10.1109/ICCIS54243.2021.9676394

  8. Salloum, S., Gaber, T., Vadera, S., Shaalan, K.: A systematic literature review on phishing email detection using natural language processing techniques. IEEE Access 10, 65703–65727 (2022). https://doi.org/10.1109/ACCESS.2022.3183083

    Article  Google Scholar 

  9. Asiri, S., Xiao, Y., Alzahrani, S., Li, S., Li, T.: A survey of intelligent detection designs of HTML URL phishing attacks. IEEE Access 11, 6421–6443 (2023). https://doi.org/10.1109/ACCESS.2023.3237798

    Article  Google Scholar 

  10. Geng, G.-G., Yan, Z.-W., Zeng, Y., Jin, X.-B.: RRPhish: anti-phishing via mining brand resources request. In: 2018 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, pp. 1–2 (2018). https://doi.org/10.1109/ICCE.2018.8326085

  11. Nathezhtha, T., Sangeetha, D., Vaidehi, V.: WC-PAD: web crawling based phishing attack detection. In: 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp. 1–6 (2019). https://doi.org/10.1109/CCST.2019.8888416

  12. Sushma, K., Jayalakshmi, M., Guha, T.: Deep learning for phishing website detection. In: 2022 IEEE 2nd Mysore Sub Section International Conference (MysuruCon), Mysuru, India, pp. 1-6 (2022). https://doi.org/10.1109/MysuruCon55714.2022.9972621

  13. Shah, R.K., Hasan, M.K., Islam, S., Khan, A., Ghazal, T.M., Khan, A.N.: Detect phishing website by fuzzy multi-criteria decision making. In: 2022 1st International Conference on AI in Cybersecurity (ICAIC), Victoria, TX, USA, pp. 1–8 (2022). https://doi.org/10.1109/ICAIC53980.2022.9897036

  14. Rose, M.A.S.R, Basir, N., Heng, N.F.N.R., Zaizi, N.J.M., Saudi, M.M.: Phishing detection and prevention using chrome extension, 2022 10th International Symposium on Digital Forensics and Security (ISDFS), Istanbul, Turkey, pp. 1-6 (2022). https://doi.org/10.1109/ISDFS55398.2022.9800826

  15. Ansari, M.F., Panigrahi, A., Jakka, G., Pati, A., Bhattacharya, K.: Prevention of phishing attacks using AI algorithm. In: 2022 2nd Odisha International Conference on Electrical Power Engineering, Communication and Computing Technology (ODICON), Bhubaneswar, India, pp. 1–5 (2022). https://doi.org/10.1109/ODICON54453.2022.10010185

Download references

Author information

Authors and Affiliations

  1. Department of CSE Bengaluru, PES University, Bengaluru, India

    Aditya Mahesh Hegde, S.P. Bharath Kumar, R. Bhuvantej, R. Vyshak & V. Sarasvathi

Authors
  1. Aditya Mahesh Hegde
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S.P. Bharath Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. R. Bhuvantej
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. R. Vyshak
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. V. Sarasvathi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aditya Mahesh Hegde .

Editor information

Editors and Affiliations

  1. Consilio Research Lab, Tallinn, Estonia

    Mayank Singh

  2. Jaypee University of Engineering and Technology, Guna, India

    Vipin Tyagi

  3. Jaypee University of Information Technology, Waknaghat, India

    P.K. Gupta

  4. Institute of Information Theory and Automation, Prague, Czech Republic

    Jan Flusser

  5. University of Ottawa, Ottawa, ON, Canada

    Tuncer Ören

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hegde, A.M., Kumar, S.B., Bhuvantej, R., Vyshak, R., Sarasvathi, V. (2023). Spear Phishing Using Machine Learning. In: Singh, M., Tyagi, V., Gupta, P., Flusser, J., Ören, T. (eds) Advances in Computing and Data Sciences. ICACDS 2023. Communications in Computer and Information Science, vol 1848. Springer, Cham. https://doi.org/10.1007/978-3-031-37940-6_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-37940-6_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-37939-0

  • Online ISBN: 978-3-031-37940-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation